You are here: Re: [PHP] Mysql insert problems « PHP « IT news, forums, messages
Re: [PHP] Mysql insert problems

Posted by Andy Pieters on 10/04/78 11:14

Hi

Whilst you are searching the net, you might also want to search for 'sql
injection'. This is no joke!

Please use the mysql_escape_string on each variable you get from the user
side.

In your example

$Email = mysql_escape_string($_POST['Email']);
$Phonenumber = mysql_escape_string($_POST['Phonenumber']);

etc

There are some issues when magic quotes are turned on but you can implement a
hack that corrects any consuequences of that (stripslashes)


Andy






--
Registered Linux User Number 379093
-- --BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT/O/>E$ d-(---)>+ s:(+)>: a--(-)>? C++++$(+++) UL++++>++++$ P-(+)>++
L+++>++++$ E---(-)@ W+++>+++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++)
PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+)
e>++++$@ h++(*) r-->++ y--()>++++
-- ---END GEEK CODE BLOCK------
--
Check out these few php utilities that I released
under the GPL2 and that are meant for use with a
php cli binary:

http://www.vlaamse-kern.com/sas/
--

--

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация